Search
Total
11 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-27150 | 1 Opencrx | 1 Opencrx | 2024-01-03 | N/A | 5.4 MEDIUM |
| openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity. | |||||
| CVE-2023-40813 | 1 Opencrx | 1 Opencrx | 2023-11-22 | N/A | 6.1 MEDIUM |
| OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation. | |||||
| CVE-2023-40817 | 1 Opencrx | 1 Opencrx | 2023-11-22 | N/A | 6.1 MEDIUM |
| OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field. | |||||
| CVE-2023-40816 | 1 Opencrx | 1 Opencrx | 2023-11-22 | N/A | 6.1 MEDIUM |
| OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field. | |||||
| CVE-2023-40814 | 1 Opencrx | 1 Opencrx | 2023-11-22 | N/A | 6.1 MEDIUM |
| OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field. | |||||
| CVE-2023-40815 | 1 Opencrx | 1 Opencrx | 2023-11-22 | N/A | 6.1 MEDIUM |
| OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field. | |||||
| CVE-2023-40812 | 1 Opencrx | 1 Opencrx | 2023-11-22 | N/A | 6.1 MEDIUM |
| OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field. | |||||
| CVE-2023-40810 | 1 Opencrx | 1 Opencrx | 2023-11-22 | N/A | 6.1 MEDIUM |
| OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field. | |||||
| CVE-2023-40809 | 1 Opencrx | 1 Opencrx | 2023-11-22 | N/A | 6.1 MEDIUM |
| OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number. | |||||
| CVE-2021-25959 | 1 Opencrx | 1 Opencrx | 2021-10-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external javascript files on any user of the openCRX instance. | |||||
| CVE-2020-7378 | 1 Opencrx | 1 Opencrx | 2020-12-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any chosen value. This issue was resolved in version 5.0-20200904, released September 4, 2020. | |||||